为spring-boot-admin配置spring security(用于控制访问)

在spring-boot-admin(SBA)监控端,为了防止没授权的访问,一般需要做访问控制。只需简单几步,就可以配置spring security来控制对SBA的访问。
1、引入依赖:
		
			org.springframework.boot
			spring-boot-starter-security
		

2、配置:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Value("${spring.profiles}")
	private String env;

	@Override
	protected void configure(HttpSecurity http) throws Exception {

		/*if("dev".equals(env)){ //如果需要在开发服中免登录
			http.authorizeRequests().antMatchers("*//**","*//**//*filters").permitAll();
			http.csrf().disable();
			http.httpBasic();
			return;
		}*/

		http
				.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll()
				.and()
				.logout().logoutUrl("/logout")
				.and()
				.authorizeRequests()
				.antMatchers("/login.html", "/**/*.css", "/img/**", "/api/**") //放开"/api/**":为了给被监控端免登录注册
				.permitAll()
				.and()
				.authorizeRequests().antMatchers("/**").authenticated();
		http.csrf().disable();
		http.httpBasic();

	}
/*	@Autowired //也可以在application.yml文件中配置登录账号密码:security.user.name/password
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.inMemoryAuthentication()
			.withUser("svcAdmin").password("pw").roles("USER");
	}*/
}

application.yml:
security:
  user:
    name: sba
    password: passwd

3、登录页面:


	
	sba登录
	



请登录:



你可能感兴趣的:(Spring,Boot)